Privacy Policy
Last updated: 19 May 2026
Summary
We collect what we need to deliver your personality report, nothing else. We do not sell your data, do not run advertising, and do not use your responses to train AI models. You can download or delete your data at any time from your account settings or by emailing privacy@knowthydefaults.com.
1. Who is responsible for your data
Defaults ("we", "us", "our") is operated by TOO «Багдарлы Кадам» (Bagdarly Kadam LLP), a limited liability partnership organized under the laws of the Republic of Kazakhstan, business identification number (BIN) 241040038701. Our registered address is Akbugy street 2/2, Astana, 010000, Republic of Kazakhstan. We act as the data controller for personal data described in this policy. For all privacy questions, contact us at privacy@knowthydefaults.com.
2. Geographic scope
The service at knowthydefaults.com is offered worldwide except where restricted. It is not directed to or intended for residents of the European Union, European Economic Area, or United Kingdom, and we do not actively market to those regions. If you use the service from a region we do not actively serve, this policy and the practices it describes still apply, and we honor data subject rights as a matter of policy regardless of whether your local law strictly requires it.
3. What we collect
- Account information. Email address, display name, and authentication identifiers created through our auth provider (Clerk).
- Assessment responses. Your answers to the IPIP-NEO-120 or IPIP-HEXACO items you choose to complete.
- Computed results. Domain and facet scores derived from your responses, and any reports we generate from them.
- AI chat content. If you use the in-report AI chat, your prompts and the model responses, retained so the conversation can be resumed.
- Payment metadata. Transaction identifiers, country of purchase, last four digits of your card, and order amount. Card numbers themselves are handled by LemonSqueezy (our Merchant of Record) and never touch our servers.
- Device and usage data. IP address (truncated where possible), browser type, pages viewed, and product events captured through PostHog.
- Support correspondence. Messages you send us by email and any attachments you include.
4. How we use your data and on what basis
We process personal data only for the purposes listed below, on the legal bases noted. Where Kazakhstan law applies, we rely on your consent or on the necessity of performing a contract with you. Where U.S. state law applies, we process under the relationship necessary to provide the service you requested.
| Purpose | Data used | Basis |
|---|---|---|
| Create your account and authenticate you | Account information | Performance of contract; consent |
| Score your responses and generate your report | Assessment responses; computed results | Performance of contract |
| Process payments and prevent payment fraud | Payment metadata | Performance of contract; legal obligation |
| Send transactional email (receipts, report ready) | Email address | Performance of contract |
| Send optional product updates and newsletters | Email address | Consent (opt-in; unsubscribe anytime) |
| Provide the in-report AI chat | AI chat content; computed results | Performance of contract |
| Measure product usage and improve the service | Device and usage data | Legitimate operational interest |
| Comply with tax, accounting, and legal requests | Account information; payment metadata | Legal obligation |
5. What we do not do
- We do not sell your personal information.
- We do not share your individual responses or reports outside your account.
- We do not use your responses to train large language models, ours or anyone else's.
- We do not show advertising on the site or share data with advertising networks.
- We do not perform profiling for legal or similarly significant decisions about you.
6. Sub-processors
We use the following service providers to operate the service. Each one is bound by a written data processing agreement and may only process your data under our instructions.
| Provider | Purpose | Hosting region |
|---|---|---|
| Vercel | Application hosting and edge delivery | United States |
| Clerk | Authentication and account management | United States |
| Neon | Postgres database (responses, scores, accounts) | European Union |
| Resend | Transactional email delivery | United States |
| PostHog | Product analytics and feature flags | European Union (EU Cloud) |
| Anthropic / OpenAI | Language model inference for report narrative and AI chat. Inputs are not used for model training. | United States |
| LemonSqueezy | Payment processing as Merchant of Record (sales tax, refunds, invoicing) | United States (HQ) / Ireland (EU MoR) |
We will update this list when sub-processors change. Material changes will be announced by email to account holders.
7. International data transfers
Defaults is operated from Kazakhstan and stores data with providers in the United States and the European Union. By using the service you understand that your data will be transferred to and processed in those jurisdictions, which may have data protection rules different from your own. We rely on written data processing agreements with each provider and choose providers with established security and privacy practices.
8. Data retention
We retain your account, assessment responses, computed scores, and reports for as long as your account is active. If you delete your account, the related personal data is permanently deleted from our systems within thirty (30) days, with limited exceptions for records we must keep to satisfy tax, accounting, chargeback, or other legal obligations. Anonymized statistics that can no longer be linked to you may be retained indefinitely.
9. Your rights
Regardless of where you live, we honor the following rights for everyone who uses the service:
- Access. Get a copy of the personal data we hold about you.
- Rectification. Correct inaccurate or incomplete information.
- Erasure. Delete your account and the data associated with it.
- Restriction. Ask us to limit processing while a question or correction is open.
- Portability. Receive your responses and scores in a machine-readable format.
- Objection. Object to processing based on legitimate operational interest, including analytics.
- Withdraw consent. Where processing is based on consent (for example, marketing email), opt out at any time.
You can exercise most of these rights yourself from your account at Settings » Privacy, or by emailing privacy@knowthydefaults.com. We respond within thirty (30) days. We do not charge a fee unless your request is repetitive or clearly excessive. You will not be retaliated against for exercising any of these rights.
10. Notice for California residents
This section supplements the rest of the policy and applies to residents of the State of California under the California Consumer Privacy Act (CCPA) as amended by the CPRA.
Categories of personal information collected in the last 12 months. Identifiers (email, user ID, IP address); customer records (name, payment metadata); commercial information (purchases); internet or other electronic network activity (pages viewed, events); and inferences drawn from your assessment responses (personality scores).
Sources. Directly from you (assessment responses, account fields), automatically from your device (analytics events), and from our payment processor (transaction metadata).
Purposes. To provide and improve the service, process payments, communicate with you, and meet legal obligations. See Section 4 for the full breakdown.
Disclosures. We disclose personal information only to the sub-processors listed in Section 6, and only for the purposes shown there.
Sale or sharing. We do not sell or share personal information for cross-context behavioral advertising, and we have not done so in the preceding 12 months. We provide a Do Not Sell or Share My Personal Information link in your account settings for completeness.
Sensitive personal information. We do not use or disclose sensitive personal information for any purpose other than providing the service you requested.
Your California rights. Right to know, right to delete, right to correct, right to opt out of sale or sharing, right to limit use of sensitive personal information, and right to non-discrimination. To exercise any of these, email privacy@knowthydefaults.com. We verify requests by matching the requester's email and account credentials. Authorized agents may submit requests on your behalf with written permission.
Shine the Light. California Civil Code § 1798.83 permits residents to request a notice of how we share personal information with third parties for direct marketing. We do not share personal information for those purposes.
11. Children
Defaults is intended for adults. The service is not directed to children under 18 and we do not knowingly collect personal information from anyone under 18. We do not knowingly collect personal information from children under 13 in the United States (COPPA). If you are a parent or guardian and believe your child has provided us with personal information, contact privacy@knowthydefaults.com and we will delete the account and associated data.
12. Automated processing and AI
Two parts of the service are automated. First, your assessment is scored algorithmically by comparing your answers to published scoring keys. The score itself is deterministic given your answers. Second, the report narrative text and the in-report chat are generated by large language models supplied by our AI providers; outputs are constrained by a curated citation library but can still contain inaccuracies.
Neither of these processes produces decisions with legal or similarly significant effects on you. You can opt out of the AI chat at any time by not using it; you can request a non-AI summary of your scores by emailing privacy@knowthydefaults.com.
13. Marketing email and CAN-SPAM
We only send transactional email (receipts, password resets, report ready) by default. Marketing email is opt-in. Every marketing email includes the sender's identity, a physical mailing address, and a one-click unsubscribe link. We honor unsubscribe requests within ten (10) business days.
14. Cookies and similar technologies
We use a small number of strictly necessary, functional, and analytics cookies and storage entries. The full list, including names, vendors, purposes, and retention, is on our Cookie Policy. You can review or change your preferences at any time through the cookie banner.
15. Security
We use industry-standard safeguards: TLS in transit, encryption at rest with our database provider, role-limited access for staff, and periodic dependency and vulnerability review. No internet system is fully secure; if we ever experience a breach affecting your personal data, we will notify you and, where required, the relevant authority without undue delay.
16. Changes to this policy
We may update this policy as the service evolves. Material changes will be communicated by email to account holders. Minor edits will be reflected by the "Last updated" date above. The current version always governs.
17. Contact
Privacy questions and requests: privacy@knowthydefaults.com
General inquiries: hello@knowthydefaults.com
Postal: TOO «Багдарлы Кадам», Akbugy street 2/2, Astana, 010000, Republic of Kazakhstan